Age verification for social media remains a fluid issue across regions, as stakeholders argue their positions to courts and governments, and providers tap proverbial signs about privacy measures and specific terminology.
In Mississippi, the Electronic Frontiers Foundation and the local ACLU have filed an amicus brief asking a federal appellate court to continue to block Mississippi’s HB 1126, which imposes age verification mandates on social media platforms.
An EFF blog quotes the brief filed in the U.S. Court of Appeals for the Fifth Circuit, which calls HB 1126 “an extraordinary censorship law that violates all internet users’ First Amendment rights to speak and to access protected speech.” It argues that age verification for social media would quash free expression, block access to “diverse and important spaces where minors can explore their identities,” which are “essential to their growth into productive members of adult society.”
Marginalized groups including LGTBQ+ youth would face barriers to connection and resources, EEF says. As to adults, “by forcibly tying internet users’ online interactions to their real-world identities, HB 1126 will chill their ability to engage in dissent, discuss sensitive, personal, controversial, or stigmatized content, or seek help from online communities.”
Privacy and the collection of sensitive biometric information is also a standing concern. “In an era where data breaches and identity theft are alarmingly common, HB 1126 puts every user’s personal data at risk,” says EEF. It also alleges that third-party providers that “profit from collecting and selling user data” would not be required to delete users’ identifying data; “unlike the online service providers themselves, they are also not restricted from sharing, disclosing, or selling that sensitive data. Indeed, the incentives are the opposite: to share the data widely.”
Yoti regulatory officer emphasizes importance of data minimization
Age verification providers, however, are often at pains to explain why and how they put user privacy at the center of their technical and strategic architecture. On an episode of Trust Talks and Digital Dives, a podcast from the Digital Identification and Authentication Council of Canada (DIACC), Yoti’s Chief Policy and Regulatory Officer Julie Dawson discusses some of the nuances that objectors tend to miss when kicking around terms like age verification, age assurance and age estimation – the latter of which does not require a specific, concrete source to confirm a user’s age, like verification does.
With age estimation, says Dawson, “you’re inferring or estimating age based on maybe behavioral patterns, maybe a biometric such as a facial scan, maybe a voice.” Age assurance, meanwhile, is an increasingly common umbrella term that covers the whole range of methods to determine age.
The privacy concerns, Dawson says, are understandable, given the sensitive nature of much age-restricted content. But for the same reason, providers like Yoti are highly sensitive about privacy. “The key element across the board is data minimization: showing just what is needed.” Regulators, she says, don’t need to know your name or birthday; just that you’re over the legal age, or within a certain range.
Between those without a government-issued ID, those who have one but cannot access it, and those who would prefer not to overshare information with government authorities, estimation approaches “meet the needs of people with a thin file,” Dawson says. But the principle of data minimization, and instantly deleting data that is collected for verification, also means that age verification is arguably adding a privacy layer.
Which is to say, the incentive is the exact opposite of sharing the data widely – rather, conveying as little data as is necessary, then getting rid of it as soon as possible.
Regulators, innovators work together to guide policy, language on age assurance
Dawson says in places such as Canada, where diversity is a cornerstone, it’s crucial for Yoti to publish regular updates and white papers to give lawmakers “a look under the hood” at the latest technological advances and benchmarking data. Language is a hurdle here, as well: Dawson says the country’s policies tend to lean toward “verification,” which limits the true range of age assurance methods.
The market, however, is quickly maturing everywhere. Dawson notes both a proliferation of providers offering services in the age assurance ecosystem, and an increasing demand for those services. She says “probably about a third of the top 20 global platforms are starting to use either estimation or verification approaches,” resulting in billions of age checks being conducted annually.
Europe sees promise in digital wallets for age verification
Euractiv reports that European authorities are pressing on with digital wallets for social media age verification under the Digital Services Act (DSA). They say the European Digital Identity (EUDI) Wallet is a “promising and effective instrument” that could become “a gold standard” for age verification.
The European Commission opened a tender for a pilot for digital wallets for age verification after €4 million was allocated to it in an early September budget amendment. Several nations are planning to use wallets for verification, and the EC is planning to publish an “Age Assurance Toolkit” to “raise awareness of the existing effective and privacy-preserving methods of age verification.”
For its part, the Age Verification Providers Association (AVPA) thinks using the EUDI Wallet for age verification is a bad idea. “The wallet is fundamentally an identity solution, and its processes all start with identification at a high level of security – giving rise to concerns that without some design adjustments, it will not be fully anonymized,” says Iain Corby, AVPA’s executive director.
Article Topics
ACLU | age estimation | age verification | AVPA | biometrics | EFF | EU Digital Identity Wallet | regulation | social media | Yoti